Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
750
Views
0
Helpful
1
Replies

VPN send errors

Harutyun Hakobyan
Level 1
Level 1

‎01-21-2014 07:24 AM

Hi all,

I have configured basic VPN with crypto map on physical interface. On the same interface also configured NAT (outside). With NAT-ACL local IPs NATed to physical interface public IP, then ACL for crypto map is used for encryption which matches interface publlic IP and destination public IP.

show ip nat translations shows that NAT is working.

show crypto isakmp sa  shows status ACTIVE.

But show crypto ipsec sa shows:

    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 3817, #recv errors 0

Packets encrypted and decrypted - 0 and send errors are increasing.

So what to do/check ?

Thanks


1 person had this problem
Labels:
0 Helpful
1 Reply 1

Harutyun Hakobyan
Level 1
Level 1

‎01-23-2014 05:05 AM

And debug shows:

#debug crypto isakmp error

Crypto ISAKMP Error debugging is on

*Jan 23 13:00:48.007: ISAKMP:(1035):deleting node -1526225909 error TRUE reason "Delete Larval"

*Jan 23 13:01:18.003: ISAKMP:(1035):deleting node 1292924678 error TRUE reason "Delete Larval"

*Jan 23 13:01:48.007: ISAKMP:(1035):deleting node -1122803491 error TRUE reason "Delete Larval"

*Jan 23 13:02:18.003: ISAKMP:(1035):deleting node 258380048 error TRUE reason "Delete Larval"

*Jan 23 13:02:48.007: ISAKMP:(1035):deleting node -439430047 error TRUE reason "Delete Larval"

0 Helpful
Customers Also Viewed These Support Documents